Centos7 http 無法正常啟動。httpd 有效， systemctl start httpd 無效

我可以直接通過啟動apache httpd，但我不能通過啟動它systemctl start httpd。我更喜歡 daemon 方法，這樣我就可以讓它自動啟動。

有人遇到這個問題嗎？這是在新的 CentOS7 虛擬機上。

systemctl 啟動 http

Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

systemctl 狀態 httpd.service

   ● httpd.service - The Apache HTTP Server
      Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
      Active: failed (Result: exit-code) since Tue 2018-03-20 17:20:54 EDT; 37s ago
        Docs: man:httpd(8)
              man:apachectl(8)
     Process: 7025 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
     Process: 7024 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
    Main PID: 7024 (code=exited, status=1/FAILURE)

   Mar 20 17:20:54 test.local.com systemd[1]: Starting The Apache HTTP Server...
   Mar 20 17:20:54 test.local.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
   Mar 20 17:20:54 test.local.com kill[7025]: kill: cannot find process ""
   Mar 20 17:20:54 test.local.com systemd[1]: httpd.service: control process exited, code=exited status=1
   Mar 20 17:20:54 test.local.com systemd[1]: Failed to start The Apache HTTP Server.
   Mar 20 17:20:54 test.local.com systemd[1]: Unit httpd.service entered failed state.
   Mar 20 17:20:54 test.local.com systemd[1]: httpd.service failed.

journalctl -xe

Pastebin

/etc/httpd/logs/error_log

Pastebin

對預設配置的唯一更改：

/etc/httpd/conf/httpd.conf
IncludeOptional sites-enabled/*.conf

/etc/httpd/sites-enabled/local.com.conf
<VirtualHost *:80>
   ServerName test.local.com
   ServerAlias local.com
   Redirect / https://local.com
</VirtualHost>

<VirtualHost _default_:443>
   ServerName test.local.com
   ServerAlias local.com
   ServerAdmin testemail@local.com

   DocumentRoot /var/www/local.com/public_html

   ErrorLog /var/www/local.com/error.log
   CustomLog /var/www/local.com/access.log common

   SSLEngine On
   SSLCertificateFile /etc/ssl/certs/www/local.com.crt
   SSLCertificateKeyFile /etc/ssl/certs/www/local.com.key
</VirtualHost>

僅打開埠：

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-dmc --reload

這是我從全新的 CentOS7 安裝中所做的整個確切過程：

Fresh CentOS 7 installation (VM)

yum upgrade -y

yum search http
yum install -y httpd httpd-devel mod_ssl openssl

systemctl start httpd

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

   Browse to 192.168.1.241
       Apache is live!

yum search mariadb
yum install -y mariadb-server

systemctl start mariadb
mysql_secure_installation

   mysql -uroot -p
       Login to mysql server works!

yum search php

yum install -y php php-cli php-dba php-devel php-fpm php-mysql php-process php-pspell php-xml

systemctl restart httpd

   Browse to 192.168.1.241/info.php
       PHP is live!

mkdir /etc/httpd/sites-enabled
echo "IncludeOptional sites-enabled/*.conf" >> /etc/httpd/conf/httpd.conf

/etc/httpd/sites-enabled/local.com.conf
   <VirtualHost *:80>
       ServerName test.local.com
       ServerAlias local.com
       Redirect permenent / https://local.com
   </VirtualHost>

   <VirtualHost _default_:443>
       ServerName test.local.com
       ServerAlias local.com
       ServerAdmin testemail@local.com

       DocumentRoot /var/www/local.com/public_html

       ErrorLog /var/www/local.com/error.log
       CustomLog /var/www/local.com/access.log combined

       SSLEngine On
       SSLCertificateFile /etc/ssl/certs/www/local.com.crt
       SSLCertificateKeyFile /etc/ssl/certs/www/local.com.key
   </VirtualHost>

mkdir -p /var/www/local.com/public_html

chown -R apache:apache /var/www/local.com/public_html
chmod -R 755 /var/www

cd /etc/ssl/certs/www
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout local.com.key -out local.com.crt

   Browse to 192.168.1.241
       Unsecure service (self signed ssl) accept
       Site is live!
       I was redirected to https://local.com

NOTE: I added the following to my desktop's (separate PC) /etc/hosts
   192.168.1.241 test.local.com local.com

   This acts as a DNS record for my site

yum install -y epel-release
yum install -y phpmyadmin

edit /etc/httpd/conf.d/phpMyAdmin.conf
   Add under any line with Require ip 127.0.0.1 with
   Require ip 192.168.1.5

   Add under any line with Allow from 127.0.0.1 with
   Allow from 192.168.1.5

systemctl restart httpd # FAILS
kill pid for httpd
httpd # start httpd directly
   Access https://local.com/phpMyAdmin
   Now have access to phpMyAdmin

   Login with root, 12345
   And have mariadb access!

yum install -y awstats

edit /etc/httpd/conf.d/awstats.conf
    Change Require ip and Allow ip same as phpMyAdmin

cp /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/awstats.local.com.conf

edit /etc/awstats/awstats.local.com.conf
    LogFile="/var/log/httpd/access.log"
    SiteDomain="www.local.com"
    HostAliases="local.com 127.0.0.1"

echo "*/30 * * * * root /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=www.local.com -update" >> /etc/crontab

kill httpd pid
httpd

   Browse to https://local.com/awstats/awstats.pl?config=local.com
       Awstats is live!

您在使用 SELinux 時遇到了麻煩。

/var/www出於安全原因，CentOS 7 提供了阻止 httpd 寫入 下的文件的規則。

您正在將 VirtualHost 的日誌文件配置到該目錄下的某個位置：

   ErrorLog /var/www/local.com/error.log
   CustomLog /var/www/local.com/access.log combined

因此，當 httpd（由 systemd 啟動）嘗試寫入這些日誌文件時，SELinux 將阻止該操作，最終導致 httpd 退出並出現錯誤退出程式碼。

您可以使用以下命令確認這一點，該ausearch命令會檢查審核日誌（儲存在 下/var/log/audit/audit.log）中的條目：

$ sudo ausearch -m avc
type=AVC msg=audit(1234567890.123:234): avc:  denied  { write } for  pid=12345 comm="httpd" name="local.com" dev="sda1" ino=12345678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

在此消息中，您將看到寫入的目標被標記為httpd_sys_content_t。如果您ls -Z在日誌文件上使用，您會看到它們是這樣標記的：

$ ls -Z /var/www/local.com/
-rw-r--r--. root   root   unconfined_u:object_r:httpd_sys_content_t:s0 access.log                                                                                         
-rw-r--r--. root   root   unconfined_u:object_r:httpd_sys_content_t:s0 error.log                                                                                          
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 public_html

這只影響由 systemd 啟動的 httpd 而不是直接執行 httpd 時的原因是，您的 SSH 會話在“無限制”域中執行，因此在那裡執行 httpd 不會觸發任何 SELinux 轉換……當通過 systemd 啟動時，它會在啟動守護程序時應用正確的 SELinux 權限。

chcon您可以通過使用以下命令更改這些文件的 SELinux“類型”來臨時解決此問題：

$ sudo chcon -t httpd_log_t /var/www/local.com/*.log
$ ls -Z /var/www/local.com/
-rw-r--r--. root   root   unconfined_u:object_r:httpd_log_t:s0 access.log
-rw-r--r--. root   root   unconfined_u:object_r:httpd_log_t:s0 error.log
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 public_html

那時，通過 systemctl 啟動 httpd 就可以正常工作了…

但這不是一個很好的解決方案，因為如果重新創建這些文件（例如，在日誌輪換期間）或者如果您的文件系統被重新標記，SELinux 類型將會失去……

有一些方法可以使該類型更持久（例如，semanage fcontext命令），但是這個 SELinux 策略在這裡試圖實現的是防止將 Web 內容與日誌混合，以防止意外提供日誌文件或覆蓋 Web 內容.

/var/log/httpd正確的答案是在該目錄或該目錄的子目錄下創建日誌文件。如果您這樣做，SELinux 類型從一開始就是正確的，在任何操作（包括 SELinux 重新標記）中都將保持正確，並且一切都應該按預期工作。

所以，如果你可以把你的日誌放在下面/var/log/httpd，那應該可以解決這個問題！

引用自：https://unix.stackexchange.com/questions/432425